Whirlpool reported that it found ransomware in its systems, saying that no customer information was leaked and it encountered no operational difficulties. The ransomware gang that attacked them has a different story, and it’s threatening to publish confidential information.
The Whirlpool Corporation said it had fallen victim to a ransomware attack after the Nefilim gang published some files it claims to have stolen in the attack. The company was breached in the first week of December, but if the published correspondence is to be believed, the attacks only published the data after they disagreed with the company.
“Last month Whirlpool Corporation discovered ransomware in our environment,” said the company in an email to BleepingComputer. “The malware was detected and contained quickly. We are unaware of any consumer information that was exposed. There is no operational impact at this time.”
Nefilim is one of the few gangs with a semi-public presence on the Internet. The group published the first part of an archive with a message.
“The leak comes after long negotiations and unwillingness of executives of Whirlpool Corporation to uphold the interests of their stakeholders,” the message reads. “Whirlpool cybersecurity is very fragile, which allowed us to breach their network for the second time after they stopped the negotiations.”
The message posted by the attackers leaves the door open for more information to be revealed. On the other hand, Whirlpool says its systems have been fully restored after the attack but made no mention of any data that might have leaked during the cybersecurity incident.
Nefilim, like many others, is now part of a new kind of ransomware gang that steals valuable data during attacks, which they then use to blackmail companies into paying. With so many organizations using backup solutions, it’s no longer enough to compromise the networks.